Hacking Windows 8 Games

Published by Rick Freeland
Hacking Windows 8 Games cache from http://justinangel.net/HackingWindows8Games
+ 4 images :p
Published by: Rick Freeland on Dec 12, 2012
Copyright:Attribution Non-commercial

This is Google's cached version of http://justinangel.net/HackingWindows8Games. It is a snapshot of the page as it appeared on 11 Dec 2012 03:17:37 GMT. The page may have changed since then.
 
Hacking Windows 8 Games

Justin Angel

Hi folks,

This article is a follow-up to my previous 2011 article on . In this article we’ll see how to use innate Windows 8 security attack vectors in such a way that could compromise Windows 8 games revenue stream. We’ll review real-world examples for all Win8 programming languages and frameworks.

But first, why Games?
We’ve seen security loopholes affecting all Windows 8 apps. However, in this article we’ll focus on how to use these techniques to compromise games security. The reason we’ll be focusing on games is that they account for 51%+ of developer revenue on every mobile developer platform. Let me repeat that: games account for the majority of developer revenue. For example, we can see from official Microsoft statistics that 64% of app purchases on Windows Phone 7 are for games.

The majority of mobile apps make their money from a combination of in-app ads, in-app purchases or paid app downloads. Google IO 2012 had this great slide illustrating all the ways a mobile app developer can get paid: http://www.youtube.com/watch?v=DJdx_Wd_EOo&feature=youtu.be&t=15m30s

In this article we’ll show how insecure each of those payment streams is on Windows 8 with real-world examples from game development. It’s important to mention that the methods shown in this article can be applied to every app and not just games.

#1: Compromising in-app purchases by modifying IsoStore
 
The Win8 game Soulcraft is a top game on Android and is subjectively one of the best examples of its genre on Windows 8. It’s a basic RPG where you play an archangel battling the forces of evil in stylish 3D. You’ve got a character, it’s got equipment and you pay with gold to buy better equipment. The gold has to be purchased for real money using the platform’s in-app purchase. For example on Android here are the prices for gold:

I’ve spent 20$+ on game gold for Soulcraft THD on my Google Nexus 7 so far. So I asked myself how that game’s gold data gets stored on Windows 8, and whether or not we can change it.

Quick refresher from the previous article: all Windows 8 apps are stored on your local HD at:
C:\Program Files\WindowsApps
So for example all the assemblies for Soulcraft on Windows 8 will be stored at:
C:\Program Files\WindowsApps\MobileBitsGmbH.SoulCraft_0.8.5.3_neutral__n3knxnwpdbgdc
Also, all IsoStore files are stored at:
C:\Users\<username>\AppData\Local\Packages\
So on my machine Soulcraft’s IsoStore is at:
C:\Users\Justin\AppData\Local\Packages\MobileBitsGmbH.SoulCraft_n3knxnwpdbgdc\LocalState

When opening up these files in Notepad we can see some of these files are encrypted while others are not. So now the question becomes, can we decrypt the AccountData.xml file, edit the amount of gold our character has and simply run the game? Well, as it turns out the answer is “Yes”. Normally encrypted files are bad news if you’re trying to tamper with apps. But we should remember this is all running on the local machine. We have the algorithm used for encryption, we have the hash key and we have the encrypted data. Once we have all of those it’s pretty simple to decrypt. It’s possible to reverse engineer most of the Soulcraft source code and find out how the AccountData.xml gets stored and how to change it. Let’s assume we’ve done that and we know which classes and assemblies are used to decrypt, edit and encrypt this XML file. We’ll start off by creating a new Win8 app and referencing the appropriate DLLs from the Soulcraft game.

Next, since these assemblies read files from IsoStore we’ll copy the encrypted game files to our own App2 IsoStore.

Now we’ve staged a new app with the proper assemblies and populated IsoStore with Soulcraft’s data. The next step is to reverse engineer the assemblies and figure out the correct calling order for methods. For example this code would load up AccountData.xml, edit the amount of gold and save it again.
 
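    using System.IO;
    using System.Linq;
    using Windows.UI.Xaml;
    using Windows.UI.Xaml.Controls;
    using Delta.Utilities.Helpers;   // DirectoryHelper, from the referenced game DLLs
    using Delta.Utilities.Xml;       // XmlNode, from the referenced game DLLs

    public sealed partial class MainPage : Page
    {
        public MainPage()
        {
            this.InitializeComponent();
            this.Loaded += MainPage_Loaded;
        }

        private void MainPage_Loaded(object sender, RoutedEventArgs e)
        {
            // AccountData.xml was copied into this app's own IsoStore beforehand.
            var filePath = Path.Combine(DirectoryHelper.GetBaseDirectory(), "AccountData.xml");
            // Load the file through the game's own XML classes.
            var accountDataXml = XmlNode.LoadFile(filePath);

            accountDataXml.Children.First().AddAttribute("Gold", "1000000");
            // Save back to the same path through the same classes.
            accountDataXml.Save(filePath);
        }
    }
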
Here’s the before and after of the XML file:
Copying the file back to Soulcraft’s IsoStore and starting Soulcraft we can see a first level character with 1,000,000 gold.

At this point some of you must be thinking “so what? it’s fake game money”. True, but this fake in-game money would be worth over a thousand dollars on Android and iOS. Without a secure storage location for game state, we can’t be surprised that 3rd party cracking will arise to make consumers avoid in-app purchases.
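
The tampering above works because the algorithm, the key and the data all sit on the player's machine. As an added example (not code from the original article or from Soulcraft), here is a server-side sketch in Python in which the signing key never leaves the server, so an edited or rolled-back local copy is rejected on sync. The names `SERVER_KEY`, `issue_state` and `accept_state`, the JSON layout and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed key for this example. It lives only on the server and is never
# shipped in the app package, unlike the key recoverable from local assemblies.
SERVER_KEY = b"constructed-example-key"

# Latest state version issued per account (stand-in for a server database).
latest_version = {}


def _tag(state):
    # Canonical JSON so the same fields always serialize to the same bytes.
    body = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()


def issue_state(account_id, gold):
    """Server: sign the account state before the client caches it locally."""
    version = latest_version.get(account_id, 0) + 1
    latest_version[account_id] = version
    state = {"account": account_id, "gold": gold, "version": version}
    return json.dumps({"state": state, "tag": _tag(state)})


def accept_state(blob):
    """Server: accept a client-returned blob only if untampered and current."""
    try:
        doc = json.loads(blob)
        state, tag = doc["state"], doc["tag"]
        account, version = state["account"], state["version"]
        tag_ok = hmac.compare_digest(tag.encode(), _tag(state).encode())
    except (ValueError, KeyError, TypeError, AttributeError):
        return False
    if not tag_ok:
        return False  # some field, e.g. gold, was edited on the client
    # Reject replay of an older, validly signed state (rollback to more gold).
    return version == latest_version.get(account)


if __name__ == "__main__":
    blob = issue_state("player-1", 120)  # constructed sample account
    edited = json.loads(blob)
    edited["state"]["gold"] = 1000000  # the kind of edit the article makes
    print(accept_state(blob), accept_state(json.dumps(edited)))
```

This only helps when the game round-trips its state through a server; a key embedded in the client for offline play is back in the situation the article describes.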
#2: Cracking trial apps to paid versions for free
One of the top revenue streams for Windows 8 developers is shipping paid apps. At the same time consumers tend to be loss averse and are afraid to “lose” money on apps. The solution to that is trial apps. Paid apps can offer a free version with limited functionality or on a time-limited basis. That works fine unless consumers attempt to manipulate this tentative status quo by
